Security experts criticize malware list

Just how useful is the Common Malware Enumeration (CME) initiative debuted by U.S.-CERT this autumn?

The system was created to sort out some of the confusion created by the different naming systems used by different security vendors, and to help system administrators deal with outbreaks more effectively. Some security experts have, however, voiced doubts as to how well CME is working in practice.

One complaint is that the system isn't providing much information on malware aside from listing the reference codes used by different security vendors. Such information was promised more than a year ago by the organizers of the CME plan -- U.S.-CERT, the U.S. Department of Homeland Security, and antivirus vendors such as Microsoft, Trend Micro, McAfee and Symantec.

The plan was outlined in an open letter, published by the SANS Institute, in which the organizations said U.S.-CERT would "assign a CME identifier... to each new, unique threat and to include additional incident response information when available".

The goal was "improving the malware information resources available to (antivirus) software users, first responders, and malware analysts -- anyone who depends on accurate, concise information about malware," the letter said.

The letter was in response to criticism voiced in an earlier open letter to the security industry by Chris Mosby, a system administrator, in which he strongly criticized antivirus vendors for adopting "an isolationist attitude" that made it difficult for administrators to deal with complex virus outbreaks. "As the customers that spend money for your products, we should not have to work so hard to figure out if your products are keeping us protected," Mosby wrote.

A year later, the most difficult part of the CME project - distinguishing similar pieces of malicious code from one another - appears to be working. But CME still only provides a basic list of names used by different vendors, without listing details or even including links.

This makes the project of limited use, even compared with similar, independent projects such as Secunia's virus information database, according to SANS Internet Storm Center handler Patrick Nolan.

"Links to technical analysis was a hoped-for outcome for the CME project, since vendors' technical analysis is the critical 'additional incident response information' needed by the people responding to malware outbreaks," Nolan wrote in a recent entry in the ISC diary. "A name by any other name is just a name."

Thomas Kristensen said the lack of links or additional information means CME is of limited use to the general public. "It can only be used by the vendors and others with a specific interest in viruses to more easily identify viruses in other vendors' databases," he said. "It probably does what it was intended to do, and more information would probably exceed the intended purpose."

Such criticisms are beside the point, according to Graham Cluley, senior technology consultant with Sophos Antivirus. "We mustn't criticize it for not being a 100 percent solution, it's a definite step in the right direction," he said. "The most important thing is that its making correlations between the different names."

He said the system would be sure to improve over time. "Linking to more information seems to be an obvious thing they could do," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?